import jwt from 'jsonwebtoken'
import { JWT_SECRET, ACCESS_TOKEN_EXPIRES_IN } from '../config/env.js'

export function generateAccessToken(user) {
  return jwt.sign({ sub: user.id, username: user.username }, JWT_SECRET, {
    expiresIn: ACCESS_TOKEN_EXPIRES_IN,
  })
}

export function getBearerToken(req) {
  const auth = req.headers.authorization || ''
  const parts = auth.split(' ')
  if (parts.length === 2 && parts[0] === 'Bearer') return parts[1]
  return null
}

export function verifyToken(token) {
  return jwt.verify(token, JWT_SECRET)
}
